GUI Authorizations
- Overall Administration Actions
- Self-service Actions
- Administration Dashboard Actions
- User actions
- Resource actions
- Role actions
- Organization actions
- Service actions
- Configuration actions
- Case actions
- Work items actions
- Report actions
- Task actions
- Org. structure actions
- Archetype actions
- Access certification actions
- Focal object tabs authorizations
- See also:
In the midPoint, we now support these GUI actions:
Overall Administration Actions
Action | Allowed access to page | Note |
---|---|---|
http://midpoint.evolveum.com/xml/ns/public/security/authorization-ui-3#all |
All GUI pages |
|
http://midpoint.evolveum.com/xml/ns/public/security/authorization-ui-3#home |
Administration dashboard (including the actions) |
covers also #dashboard and #myPasswords |
All administration pages for users (including the actions) |
||
All administration pages for resources (including the actions) |
||
All administration pages for roles (including the actions) |
||
All administration configuration pages (including the actions) |
||
http://midpoint.evolveum.com/xml/ns/public/security/authorization-ui-3#allWorkItems |
All administration pages for work items (including the actions) |
Since 4.0 |
http://midpoint.evolveum.com/xml/ns/public/security/authorization-ui-3#reportsAll |
All administration pages for reports (including the actions) |
|
All administration pages for tasks (including the actions) |
||
All administration pages for org. structure (including the actions) |
||
All pages for access certification (including actions) |
Since 3.4 |
|
All pages for archetypes |
Since 4.0 |
|
http://midpoint.evolveum.com/xml/ns/public/security/authorization-ui-3#adminAssign |
Assign menu item authorization on the Assignment tab |
|
http://midpoint.evolveum.com/xml/ns/public/security/authorization-ui-3#adminUnassign |
Unassign menu item authorization on the Assignment tab |
|
http://midpoint.evolveum.com/xml/ns/public/security/authorization-ui-3#adminUnassignAllMembers |
Unassign all members menu item authorization on the Assignment tab |
|
http://midpoint.evolveum.com/xml/ns/public/security/authorization-ui-3#previewChanges |
Authorization required to access preview changes page. The authorization is also check while deciding if previewButton should be shown. |
Since 4.1 |
Self-service Actions
Administration Dashboard Actions
Action | Allowed access to page | Note |
---|---|---|
http://midpoint.evolveum.com/xml/ns/public/security/authorization-ui-3#dashboard |
Administration dashboard |
|
http://midpoint.evolveum.com/xml/ns/public/security/authorization-ui-3#myPasswords |
My passwords |
Page removed in 3.3, see self-service credentials page instead |
User actions
Action | Allowed access to page | Note |
---|---|---|
http://midpoint.evolveum.com/xml/ns/public/security/authorization-ui-3#users |
List users |
|
http://midpoint.evolveum.com/xml/ns/public/security/authorization-ui-3#user |
Create user |
|
http://midpoint.evolveum.com/xml/ns/public/security/authorization-ui-3#userDetails |
Edit user |
|
http://midpoint.evolveum.com/xml/ns/public/security/authorization-ui-3#findUsers |
Find users |
|
http://midpoint.evolveum.com/xml/ns/public/security/authorization-ui-3#usersView |
Showing menu items for views that are configured for users. |
|
http://midpoint.evolveum.com/xml/ns/public/security/authorization-ui-3#userHistory |
User historical data viewer page. The authorization check is also performed to determine whether the "View object data" button should be displayed on the history page. |
Resource actions
Action | Allowed access to page | Note |
---|---|---|
http://midpoint.evolveum.com/xml/ns/public/security/authorization-ui-3#resources |
List resources |
|
http://midpoint.evolveum.com/xml/ns/public/security/authorization-ui-3#resource |
Create resource (xml editor) |
|
http://midpoint.evolveum.com/xml/ns/public/security/authorization-ui-3#resourceDetails |
Details of resource |
|
http://midpoint.evolveum.com/xml/ns/public/security/authorization-ui-3#resourceEdit |
Edit resource |
Resource Wizard |
http://midpoint.evolveum.com/xml/ns/public/security/authorization-ui-3#resourcesAccount |
Listing accounts on resource |
|
http://midpoint.evolveum.com/xml/ns/public/security/authorization-ui-3#resourceWizard |
Resource wizard |
Role actions
Organization actions
Action | Allowed access to page | Note |
---|---|---|
http://midpoint.evolveum.com/xml/ns/public/security/authorization-ui-3#orgAll |
TODO: #orgTree + #orgStruct? |
|
http://midpoint.evolveum.com/xml/ns/public/security/authorization-ui-3#orgTree |
Org tree hierarchy |
|
http://midpoint.evolveum.com/xml/ns/public/security/authorization-ui-3#orgUnit |
Org. unit details (including editing) and New org. link (based on #read, #modify, #add and #delete model authorizations) |
|
http://midpoint.evolveum.com/xml/ns/public/security/authorization-ui-3#adminAssignOrgMember |
Authorization for Assign menu item on the org Managers and Members panels (e.g. Assign Managers, Assign Members) |
|
http://midpoint.evolveum.com/xml/ns/public/security/authorization-ui-3#adminUnassignOrgMember |
Authorization for Unassign menu item on the org Managers and Members panels (e.g. Unassign selected members) |
|
http://midpoint.evolveum.com/xml/ns/public/security/authorization-ui-3#adminAddOrgMember |
Authorization for Create menu item on the org Managers and Members panels (e.g. Create manager, Create member) |
|
http://midpoint.evolveum.com/xml/ns/public/security/authorization-ui-3#adminDeleteOrgMember |
Authorization for Delete menu item on the org Managers and Members panels (e.g. Delete all managers, Delete member, Delete all (focus) members) |
|
http://midpoint.evolveum.com/xml/ns/public/security/authorization-ui-3#adminRecomputeOrgMember |
Authorization for Recompute menu item on the org Managers and Members panels (e.g. Recompute all managers, Recompute selected members, Recompute direct members, Recompute all members) |
|
http://midpoint.evolveum.com/xml/ns/public/security/authorization-ui-3#adminOrgMove |
Authorization for Move organization menu item |
|
http://midpoint.evolveum.com/xml/ns/public/security/authorization-ui-3#adminOrgMakeRoot |
Authorization for Make root organization menu item |
|
http://midpoint.evolveum.com/xml/ns/public/security/authorization-ui-3#orgUnitHistory |
Org unit historical data viewer page. The authorization check is also performed to determine whether the "View object data" button should be displayed on the history page. |
Service actions
Action | Allowed access to page | Note |
---|---|---|
http://midpoint.evolveum.com/xml/ns/public/security/authorization-ui-3#services |
List services |
|
http://midpoint.evolveum.com/xml/ns/public/security/authorization-ui-3#service |
Create service |
|
http://midpoint.evolveum.com/xml/ns/public/security/authorization-ui-3#serviceDetails |
Details of service |
Since 4.4.2 |
http://midpoint.evolveum.com/xml/ns/public/security/authorization-ui-3#serviceHistory |
Service historical data viewer page. The authorization check is also performed to determine whether the "View object data" button should be displayed on the history page. |
Configuration actions
Action | Allowed access to page | Note |
---|---|---|
http://midpoint.evolveum.com/xml/ns/public/security/authorization-ui-3#debugs |
Repository objects |
|
http://midpoint.evolveum.com/xml/ns/public/security/authorization-ui-3#debug |
Edit repository object |
|
http://midpoint.evolveum.com/xml/ns/public/security/authorization-ui-3#configImport |
Import object |
|
http://midpoint.evolveum.com/xml/ns/public/security/authorization-ui-3#configLogging |
Logging settings |
|
http://midpoint.evolveum.com/xml/ns/public/security/authorization-ui-3#configSystemConfiguration |
System configuration |
|
http://midpoint.evolveum.com/xml/ns/public/security/authorization-ui-3#configAbout |
About system, self tests for repository and provisioning |
|
http://midpoint.evolveum.com/xml/ns/public/security/authorization-ui-3#configSyncAccounts |
Accounts synchronization information |
Case actions
Action | Allowed access to page | Note |
---|---|---|
http://midpoint.evolveum.com/xml/ns/public/security/authorization-ui-3#cases |
All cases. If only this authorization is defined, no views (My Cases, All Approvals) will be shown in the sidebar menu. |
|
http://midpoint.evolveum.com/xml/ns/public/security/authorization-ui-3#casesView |
Showing menu items for views that are configured for cases. |
Work items actions
Action | Allowed access to page | Note |
---|---|---|
http://midpoint.evolveum.com/xml/ns/public/security/authorization-ui-3#allWorkItems |
List work items |
|
http://midpoint.evolveum.com/xml/ns/public/security/authorization-ui-3#myWorkItems |
My work items |
|
http://midpoint.evolveum.com/xml/ns/public/security/authorization-ui-3#workItem |
Edit work item |
|
http://midpoint.evolveum.com/xml/ns/public/security/authorization-ui-3#attorneyWorkItems |
Attorney items |
|
http://midpoint.evolveum.com/xml/ns/public/security/authorization-ui-3#claimableWorkItems |
Items claimable by me |
|
http://midpoint.evolveum.com/xml/ns/public/security/authorization-ui-3#allRequests |
All requests |
|
http://midpoint.evolveum.com/xml/ns/public/security/authorization-ui-3#myRequests |
My requests |
|
http://midpoint.evolveum.com/xml/ns/public/security/authorization-ui-3#requestsAboutMe |
Requests about me |
|
http://midpoint.evolveum.com/xml/ns/public/security/authorization-ui-3#workItemsProcessInstance |
Process instance (Work items) |
Report actions
Action | Allowed access to page | Note |
---|---|---|
http://midpoint.evolveum.com/xml/ns/public/security/authorization-ui-3#reports |
List reports |
|
http://midpoint.evolveum.com/xml/ns/public/security/authorization-ui-3#createdReports |
Created reports |
|
http://midpoint.evolveum.com/xml/ns/public/security/authorization-model-3#auditRead |
Reading audit log data |
since 3.5 |
http://midpoint.evolveum.com/xml/ns/public/security/authorization-ui-3#auditLogViewer |
Audit log viewer page |
|
http://midpoint.evolveum.com/xml/ns/public/security/authorization-ui-3#auditLogDetails |
Audit log details viewer page |
since 4.7 |
Task actions
Action | Allowed access to page | Note |
---|---|---|
http://midpoint.evolveum.com/xml/ns/public/security/authorization-ui-3#tasks |
List tasks |
|
http://midpoint.evolveum.com/xml/ns/public/security/authorization-ui-3#taskAdd |
Create task |
|
http://midpoint.evolveum.com/xml/ns/public/security/authorization-ui-3#taskDetails |
Task details |
|
http://midpoint.evolveum.com/xml/ns/public/security/authorization-ui-3#task |
Edit task |
Org. structure actions
Action | Allowed access to page | Note |
---|---|---|
http://midpoint.evolveum.com/xml/ns/public/security/authorization-ui-3#orgStruct |
Org. tree menu |
|
http://midpoint.evolveum.com/xml/ns/public/security/authorization-ui-3#orgTree |
Org. tree hierarchy |
|
http://midpoint.evolveum.com/xml/ns/public/security/authorization-ui-3#orgUnit |
New org unit link |
|
http://midpoint.evolveum.com/xml/ns/public/security/authorization-ui-3#orgDetails |
Edit Org Unit |
Since 4.4.3 |
Archetype actions
Action | Allowed access to page | Note |
---|---|---|
http://midpoint.evolveum.com/xml/ns/public/security/authorization-ui-3#archetypes |
List archetypes |
Since 4.0 |
http://midpoint.evolveum.com/xml/ns/public/security/authorization-ui-3#archetype |
Edit archetype |
Since 4.0 |
Access certification actions
Please see Access Certification Security for detailed list.
Focal object tabs authorizations
Display of object detail tabs is not controlled by authorizations. Admin GUI Configuration is used to control this behavior.